I-Worm.NetSky.a Viruses Information
Name: I-Worm.NetSky.a
Category: Viruses
Description:
Details
I-Worm.NetSky.ac
This worm spreads via the Internet as an attachment to infected messages, and via shared network resources. The worm itself is a Windows PE EXE file, 17920 bytes in size, packed using PE-Patch. The unpacked file is approximately 1.5MB in size. It is written in Microsoft Visual C.
Characteristics of infected messages:
Message header (chosen at random from the following):
Question
Letter
Picture
More samples
Only love?
Funny
Numbers
Found
Stolen
Money
Letter
Text
Pictures
Criminal
Wow
Password
Privacy
Hurts
Correction
Message body (chosen at random from the following):
Does it hurt you?
Do you have written the letter?
Do you have more photos about you?
Do you have more samples?
Wow! Why are you so shy?
You have no chanceall
Are your numbers correct?
I've found your creditcard. Check the data!
Do you have asked me?
Do you have no money?
True love letter?
The text you sent to me is not so good!
Your pictures are good!
Hey, are you criminal?
Why do you show your body?
I've your password. Take it easy!
Still?
How can I help you?
Please use the font arial!
Attachment name (chosen at random from the following):
your_picture.pif
your_letter_03.pif
all_pictures.pif
your_picture.pif
loveletter02.pif
your_text.pif
pin_tel.pif
visa_data.pif
my_stolen_document.pif
your_bill.pif
your_letter.pif
your_text01.pif
your_picture01.pif
myabuselist.pif
image034.pif
passwords02.pif
document1.pif
hurts.pif
corrected_doc.pif
The worm is only activated if the user launches the infected file by double-clicking the attachment. The worm then installs itself on the system and starts propagating.
Mass mailing
The worm uses a direct connection to the SMTP-server to send messages.
Installation
When installing, the worm copies itself to the Windows directory under the name csrss.exe and registers this file in the system registry auto-run key:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\BagleAV
thus attempting to disguise itself as an antivirus working against Bagle.
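A defender-side check for the installation traces described above, as an added example that is not part of the original description: it parses `reg query` output for the Run key and flags the BagleAV value name or a csrss.exe image outside System32, where the genuine Windows csrss.exe resides. The sample output, the function names and the assumed four-space column layout of `reg query` are constructed for illustration.

```python
import ntpath
import re

# Constructed sample of `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run` output.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    VendorTray    REG_SZ    "C:\Program Files\Vendor\tray.exe" /min
    BagleAV    REG_SZ    C:\WINDOWS\csrss.exe
    Updater    REG_EXPAND_SZ    %SystemRoot%\csrss.exe -s
"""

# Assumed layout: indented "name    REG_TYPE    data" with four-space separators.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
IMAGE = re.compile(r'^\s*(?:"(?P<q>[^"]+)"|(?P<u>.+?\.exe))', re.IGNORECASE)


def image_path(command):
    """Return the executable path at the start of a Run-key command line."""
    m = IMAGE.match(command)
    return (m.group("q") or m.group("u")) if m else command.strip()


def check_run_entries(reg_query_text):
    """Return (value name, image path, reasons) for entries matching the description."""
    findings = []
    for line in reg_query_text.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        name, image = m.group("name"), image_path(m.group("data"))
        reasons = []
        if name.lower() == "bagleav":
            reasons.append("auto-run value name BagleAV")
        # ntpath parses Windows paths on any host OS, so exported data can be checked offline.
        parent = ntpath.basename(ntpath.dirname(image)).lower()
        if ntpath.basename(image).lower() == "csrss.exe" and parent != "system32":
            reasons.append("csrss.exe outside System32")
        if reasons:
            findings.append((name, image, reasons))
    return findings


if __name__ == "__main__":
    for name, image, reasons in check_run_entries(SAMPLE):
        print(f"{name}: {image} -> {', '.join(reasons)}")
```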
Other
The worm attempts to delete registry keys created by I-Worm.Bagle.y.